Capri 1.30 

Installing Capri, step by step.
 
1. Unpacking the archive.
The Capri distribution contains a number of directories.
  • capri-1.xx/capri
    This directory contains everything needed for adding capri to your existing Apache setup.
  • capri-1.xx/cgi-bin
    The Anti-worm Toolbox + worm templates. If you want to use these features you should put these files into your cgi-bin directory. These scripts are written in Perl, so you'll additionally need a Perl interpreter on your system.
  • capri-1.xx/docs
    Yet to come...
 
2. Merging Capri into the Apache conf.
Copy the directory capri into your SERVER_ROOT. Include the file named apache-capri.conf in the vhost containers from which you are going to use the Capri protocol. A good idea is to add the Include directive at the very end of the vhost container. That way, any mod_rewrite directives placed before it, including ones you may add in the future, will be able to communicate with and/or take advantage of the Capri features.
 <VirtualHost www.mydomain.tld>
 ...
 Include capri/apache-capri.conf
 </VirtualHost>

  • If you want to use Capri for catching worms you MUST include apache-capri.conf in the PRIMARY virtual host/server for each IP address your server listens on. The simplest way to determine which host is your primary host on a multihomed server is to access your server by its IP address (http://your.ip.addr/). The virtual host responding to your request is, you guessed it, your primary host.
 
3. Load module mod_rewrite into the server.
This is usually done at the main server level, in httpd.conf. Uncomment the following directive if it is present, or add it. More about mod_rewrite
 LoadModule rewrite_module modules/mod_rewrite.so

 
4. Modifying the standard logging directive.
To let you switch logging off and on explicitly via a Capri interceptor, your existing CustomLog directive must be modified to do conditional logging. If you use separate access logs per virtual host, you'll have to change all affected directives accordingly.
 CustomLog logs/access_log combined env=!LOG_BLOCK

You simply need to add env=!LOG_BLOCK to the end of your existing log directive. This instructs Apache to log a request only when the environment variable LOG_BLOCK is unset, which will evaluate to true on every request unless it is explicitly set from Capri. So all other logging activities will go on just as normal. More about mod_log_config
 
5. Restarting Apache.
Now everything should be set up correctly and you may restart Apache to make the changes take effect. Capri will now tell mod_rewrite to pick up two additional files, capri.conf and capri.ip-cache, which are present in the capri directory. If these aren't found, Apache won't start, so make sure they are present.
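
A check to run before the restart, covering steps 2 to 5. This is an added example, not part of the Capri distribution; the function names and the sample tree are made up for illustration, and it assumes all directives live in the single config file you pass in.

```shell
# Added example: pre-restart check for installation steps 2-5.
# Prints one line per problem; return status = number of problems (0 = OK).
capri_preflight() {
    root=$1 conf=$2 problems=0
    # Step 5: Apache will not start if either of these files is missing.
    for f in capri.conf capri.ip-cache; do
        [ -f "$root/capri/$f" ] || { echo "missing file: $root/capri/$f"; problems=$((problems + 1)); }
    done
    # Step 3: an active (uncommented) LoadModule line for mod_rewrite.
    if ! grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+rewrite_module[[:space:]]' "$conf"; then
        echo "mod_rewrite is not loaded"; problems=$((problems + 1))
    fi
    # Step 2: at least one active Include of apache-capri.conf.
    if ! grep -Eiq '^[[:space:]]*Include[[:space:]].*apache-capri\.conf' "$conf"; then
        echo "apache-capri.conf is not included"; problems=$((problems + 1))
    fi
    # Step 4: every active CustomLog needs env=!LOG_BLOCK, otherwise a
    # Capri interceptor cannot switch logging off for that log.
    bad=$(grep -Ein '^[[:space:]]*CustomLog[[:space:]]' "$conf" |
          grep -v 'env=!LOG_BLOCK' || true)
    if [ -n "$bad" ]; then
        echo "CustomLog without env=!LOG_BLOCK: $bad"; problems=$((problems + 1))
    fi
    return "$problems"
}
# Constructed sample (not a real server): steps 2 and 3 are done, but one
# CustomLog is still unconditional and capri.ip-cache was not copied.
capri_sample() {
    mkdir -p "$1/capri" && : > "$1/capri/capri.conf"
    cat > "$1/httpd.conf" <<'EOF'
LoadModule rewrite_module modules/mod_rewrite.so
CustomLog logs/access_log combined
<VirtualHost www.mydomain.tld>
CustomLog logs/vhost_log combined env=!LOG_BLOCK
Include capri/apache-capri.conf
</VirtualHost>
EOF
}
# With two arguments (SERVER_ROOT and config file) check a real install,
# otherwise run against the constructed sample.
if [ "$#" -eq 2 ]; then
    capri_preflight "$1" "$2"
else
    tmp=$(mktemp -d) && capri_sample "$tmp"
    capri_preflight "$tmp" "$tmp/httpd.conf" || true
    rm -rf "$tmp"
fi
```

On the sample it reports the missing capri.ip-cache and the unconditional CustomLog on line 2. It does not verify the note in step 2 that the Include sits in the primary virtual host for each IP address.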
 
6. Configuring Capri.
Now the fun begins. Open up capri.conf and add/modify your own request interceptors. As you might see, the default configuration comes with some predefined interceptors for the Code Red and Nimda worms. Let these act as prototypes for your own interceptors. They should give you the basic understanding of the capri syntax. For a full reference of the capri-protocol and what commands are available, refer to the section "CAPRI-protocol".
 
 